I have created an OU that I want to give a department rights to add new accounts and reset passwords. I understand that I can delegate them to this OU but how do i hide the other OUs in the domain/forest? I had tried to take away read from authenticated users but this didn't work as expected. When I tried to set this then some of the servers couldn't apply group policy. What is the correct way to hide an OU from regular users? Thanks!

Hi I assume your problem is because the users you have delegated control to are using AD Users & Computers for management. As an alternative to AD Users & Computers, you could create a Taskpad view for them to use. The following link has a good example of how to do this... http://www.petri.co.il/create_taskpads_for_ad_operations.htm Hope this helps.Douks